Inference of termination conditions for 
numerical loops 



Alexander Serebrenik*, Danny De Schreye 

Department of Computer Science, K.U. Leuven 
Celestijnenlaan 200A, B-3001, Heverlee, Belgium 
E-mail: Alexander.Serebrenik@cs.kuleuven.ac.be 



Abstract. We present a new approach to termination analysis of nu- 
merical computations in logic programs. Traditional approaches fail to 
analyse them due to non well-foundedness of the integers. We present 
a technique that allows to overcome these difficulties. Our approach is 
based on transforming a program in way that allows integrating and 
extending techniques originally developed for analysis of numerical com- 
putations in the framework of query-mapping pairs with the well-known 
framework of acceptability. Such an integration not only contributes to 
the understanding of termination behaviour of numerical computations, 
but also allows to perform a correct analysis of such computations auto- 
matically, thus, extending previous work on a constraints-based approach 
to termination. In the last section of the paper we discuss possible exten- 
sions of the technique, including incorporating general term orderings. 



1 Introduction 

Numerical computations form an essential part of almost any real-world 
program. Clearly, in order for a termination analyser to be of practical use 
it should contain a mechanism for inferring termination of such compu- 
tations. However, this topic attracted less attention of the research com- 
munity. In this work we concentrate on automatic termination inference 
for logic programs depending on numerical computations. Dershowitz et 
al. [10] showed that termination of general numerical computations, for 
instance on floating point numbers, may be contr-intuitive, i.e., the actu- 
ally observed behaviour does not necessary coincide with the theoretically 
expected one. Thus, we restrict ourselves to integer computations only. 

While discussing termination of integer computations the following 
question should be asked: what conditions on the queries should be as- 
sumed, such that the queries will terminate. We refer to this question 
as to termination inference problem. We illustrate this notion with the 
following example: 

* supported by GOA: "LP + : a second gen eration logic programming language". 



Example 1. 



p(X) < 7, XI isX + l,p(Xl). 

This program terminates for queries p(X), for all integer values of X. 
Thus, the answer for the termination inference problem is the condition 
"true". □ 

This example also hints why the traditional approaches to termination 
analysis fail to prove termination of this example. These approaches are 
mostly based on the notion of level mapping, that is a function from the 
set of all possible atoms to the natural numbers, and should decrease while 
traversing the rules. In our case, such a level mapping should depend on 
X, but X can be negative as well! 

Two approaches for solving this problem are possible. First, once can 
change the definition of the level mapping to map atoms to integers. 
However, integers are, in general, not well-founded. Thus, to prove termi- 
nation one should prove that the mapping is to some well-founded subset 
of integers. In the example above (—00, 7) forms such a subset with an 
ordering such that x >- y if x < y, with respect to the usual ordering 
on integers. 

The second approach, that we present in the paper, does not require 
changing the definition of level mapping. Indeed, the level mapping as 
required exists. It maps p(X) to 7 — X if X < 7 and to otherwise. 
This level mapping decreases while traversing the rule, i.e., the size of 
p(X), 7 — X, is greater than the size of p(Xl), 6 — X, thus, proving 
termination. We present a transformation that allows to define such a 
level mappings in an automatic way. The transformation presented allows 
to incorporate techniques of [10], such as level mapping inference, in the 
well-known framework of the acceptability with respect to a set [7,8]. 
This integration provides not only a better understanding of termination 
behaviour of integer computations, but also the possibility to perform the 
analysis automatically as in Decorte et al. [9]. 

The rest of the paper is organised as following. After making some 
preliminary remarks we present in Section 3 our transformation — first by 
means of an example, then more formally. In Section 4 we discuss more 
practical issues and present the algorithm, implementing the termination 
inference. In Section 5 we discuss further extensions, such as proving 
termination of programs depending in numerical computations as well as 
the symbolic ones. Then we review the related work and conclude. 
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2 Preliminaries 



2.1 Logic Programming 

We follow the standard notation for terms and atoms. A query is a fi- 
nite sequence of atoms. Given an atom A, rel(A) denotes the predicate 
occuring in A. Termp and Atomp denote, respectively, sets of all terms 
and atoms that can be constructed from the language underlying P. The 
extended Herbrand Universe Up (the extended Herbrand base Bp) is a 
quotient set of Termp [Atomp) modulo the variant relation. 

We refer to an SLD-tree constructed using the left-to-right selection 
rule of Prolog, as an LD-tree. We will say that a goal G LD -terminates 
for a program P, if the LD-tree for (P, G) is finite. 

The following definition is borrowed from [1]. 

Definition 1. Let P be a program andp, q be predicates occuring in it. 

— We say that p refers to q in P if there is a clause in P that uses p in 
its head and q in its body. 

— We say that p depends on q in P and write p □ q, if (p, q) is in the 
transitive, reflexive closure of the relation refers to. 

— We say that p and q are mutually recursive and write p ~ q, if p □ q 
and q □ p. We also write p □ q when p □ q and q 2 P- 

2.2 Termination analysis 

In this subsection we recall some basic notions, related to termination 
analysis. A level mapping is a function | • |: Bp — ► M, where Af is the set 
of the natural numbers. 

The following definition generalises the notion of acceptability with 
respect to a set [7, 8] by extending it to mutual recursion, using the stan- 
dard notion of mutual recursion [1]. 

Definition 2. Let S be a set of atomic queries and P a definite program. 
P is acceptable with respect to S if there exists a level mapping \ ■ \ such 
that 

— for any A e Call(P, S) 

— for any clause A' <— B\, . . . , B n in P, such that mgu(^4, A') = 9 exists, 

— for any atom Bi, such that rei(Pj) ~ rel(A) 

— for any computed answer substitution a for <— (B\, . . . , Pj_i)#: 

| A | > | BiOa | 
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The following proposition characterises LD-termination in terms of 
acceptability. 

Theorem 1. (cf. [7]) Let P be a program. P is acceptable with respect 
to a set of atomic queries S if and only if P is LD -terminating for all 
queries in S. 

We also need to introduce the notion of inter argument relations. 

Definition 3. [9] Let P be a definite program, p/n a predicate in P. 
An interargument relation for p/n is a relation R p C J\f n . R p is a valid 
interargument relation for p/n with respect to a norm || • || if and only if for 
every p(t u ... ,t n ) € Atom P : if P \= p(t u . . . , t n ) then {\\t x ||, . . . , \\t n \\) G 
R p . 

To characterise program transformations Bossi and Cocco [4] intro- 
duced the following notion for a program P and a query Q. M.{P}(Q) = 

{a | there is a successful LD-derivation of Q and P with c.a.s. a} 
U{_L | there is an infinite LD-derivation of Q and P} 

3 Methodology 

In this section we introduce our methodology using a simple example. In 
the subsequent section we formalise it and discuss different extensions. 

Our first example generates an oscillating sequence like —2, 4, — 16, . . . 
and stops if the generated value is greater than 1000 or smaller than 

— 1000. The treatment is done first on the intuitive level. 

Example 2. We are interested in proving termination of the set of queries 
S = {p(X) | X is an integer} with respect to the following program. 

p(X) ^ X > 1,X < 1000, XI is -X*X,p(Xl). 
p(X) <- X < -1,X > -1000, XI isX*X,p(Xl). 

The direct attempt to define the level mapping of p(X) as X fails, since X 
can be positive as well as negative. Thus, a more complex level mapping 
should be defined. We start with some observations. 

The first clause is applicable if 1 < X < 1000, the second one, if 
-1000 < X < -1. Observe that termination of p(X) for X < -1000, 

— l<X<lorX> 1000 is trivial. Moreover, if the first clause is applied, 
then for the recursive call p(Xl) it holds that —1000 < XI < 1. Similarly, 
if the second clause applied, then for the recursive call p(Xl) holds that 
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1 < XI < 1000. We use this observation and replace a predicate p with 
two new predicates p 1 < x < 1000 an d p -iooo<x<-i ) gucll that p i<x<iooo ig 
called ifp(X) is called and < X < 1000 holds and p -iooo<x<-i ig called 
if p(X) is called and —1000 < X < — 1 holds. The following program is 
obtained: 

1<X<1000/xm , v ^ 1 v / mnn yi ,v v „-1000<X<-l, 



p i<A<iuuu (x) ^ X > x 5 X < 1000, XI is - X * X,p- iUUU<A< - i (Xl) 



iooo<x<-i (x) < _ 1)X > _ 1000)X1 is x*X,p 1<x<1000 (Xl). 

Now we can define two different level mappings, one for atoms of p 1 <^< 1000 
and another one for atoms of p ~ 1000 < x . Let | p 1<x<1000 (X) \ = 
1000 - X and let | p- 1000<x< - 1 (X) \ = 1000 + X. We verify that the 
transformed program is acceptable with respect to S' = {p 1<x<1000 (x) \ 
1< X < 1000} U { :p -iooo<x<-i( X ) | _ 100Q < x < -1} via the specified 
level mappings. This will imply termination of the transformed program 
with respect to these queries, and thus, termination of the original pro- 
gram with respect to S. 

Indeed, consider first queries of the form p 1 < x < 1000 ( n ^ f or 1 < n < 
1000. The only clause that its head can be unified with this query is 

the first clause and the only atom of a predicate mutually recursive 
with p K*<iooO( X ) ig p -iooo<x<-i( m )_ Thenj the following should hold . 

p KX<1000( n ) | > | p -1000<X<-l( m ) | ; 100 q _ n> 100 q + m> RecaU 

that n > 1 and m = —n 2 , thus, 1000 — n > 1000 — n 2 which is true for 
n > 1. Similarly, for queries of the form p~ 1000<x< ~ 1 (n), the acceptabil- 
ity condition is reduced to 1000 + n > 1000 — n 2 which is true for n < — 1. 
□ 

The intuitive presentation above hints to the major issues to be dis- 
cussed in the following sections: how the above can be extracted 
from the program, and how, given the cases extracted, the program should 
be transformed? Before discussing the answers to these questions we 
present some basic notions. 



3.1 Basic notions 

In this section we formally introduce some notions that the further analy- 
sis will be based on. Recall that the aim of our analysis, given a predicate 
and a query, is to find a sufficient condition for termination of this query 
with respect to this program. Thus, we need to define a notion of a termi- 
nation condition. To do so we start with a number of auxiliary definitions. 

Definition 4. Let p be a predicate of arity n. Then, $l p ,...,$n p are 
called argument positions denominators. 



5 



If the predicate is clear from the context the superscripts will be omitted. 

Definition 5. Let P be a program, S be a set of queries. An argument 
position i of a predicate p is called integer argument position, if for every 
p(t\, . . . , t n ) £ Call(P, S), U is an integer. 

Argument positions denominators corresponding to integer argument po- 
sitions will be called integer argument positions denominators. 

An integer inequality is an atom of one of the following forms Expl > 
Exp2, Expl < Exp2,Expl > Exp2 or Expl < Exp2, where Expl and 
Exp2 are numerical expressions, i.e., are constructed from integers, vari- 
ables and the four operations of arithmetics. A symbolic inequality over 
the arguments of a predicate p is constructed similarly to an integer in- 
equality. However, instead of variables, integer argument positions de- 
nominators are used. 

Example 3. X > and Y < X + 5 are integer inequalities. Given a 
predicate p of arity 3, having only integer argument positions $l p > 
and $2 P < $l p + $3 P are symbolic inequalities over the arguments of p. □ 

Disjunctions of conjunctions based on integer inequalities are called 
integer conditions. Similarly, propositional calculus formulae based on 
symbolic inequalities over the arguments of a same predicate are called 
symbolic conditions over the integer arguments of this predicate. 

Example 4- A>0Ay<A + 5isan integer condition. Given a predicate 
p as above $P > A $2 P < $l p + $3 P is a symbolic condition over the 
integer arguments of p. □ 

Definition 6. Let p(t\, . . . , t n ) be an atom and let c p be a symbolic con- 
dition over the arguments of p. An instance of the condition with respect 
to an atom, denoted c p (p(ti, . . . , t n )), is obtained by replacing the argu- 
ment positions denominators with the corresponding arguments, i.e., %i p 
with t,i. 

Example 5. Let p(X, Y, 5) be an atom and let c p be ($P > 0) A ($2 P < 
$l p + $3 p ). Then, c p (p(X,Y,5)) is the integer conjunction (X > 0) A (T < 
X + 5). □ 

Now we are ready to define termination condition formally. 

Definition 7. Let P be a program, and Q be a query. A symbolic con- 
dition c re l(Q} is a termination condition for Q if given that c re ^Q^(Q) 
holds, Q left-terminates with respect to P. 
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A termination condition for Example 2 is true, i.e., the query <— p(X), 
terminates with respect to the program for all integer X. Obviously this 
is not always the case. 

Example 6. Consider the following program. 

q(X) <- X > 0,X < 5,q{X). 
q{X) «- X > -5. 

This program terminates for queries <— p(n), such that n < —5, since no 
rule is applicable, or — 5 < n < V n > 5, since repeated rule application 
in this case is finite. Thus, a termination condition for the goal <— q(X) 
is$l<0V$l>5. □ 

3.2 Types 

In this subsection we discuss inferring what values integer arguments 
can take during traversal of the rules, i.e., the "case analysis" performed 
in Example 2. This information is crucial for defining level-mappings. 
Example 2 provides already the underlying intuition — "cases" are types, 
i.e., calls of the predicate p c are identical to the calls of the predicate p, 
where c holds for its arguments. More formally we define a notion of set 
of adornments, later we specify when it is guard-tuned and we show how 
such a guard-tuned set of adornments can be constructed. 

Definition 8. Let p be a predicate, and let c\, . . . ,c n be symbolic condi- 
tions over the integer arguments of p. The set A p = {c±, . . . ,c n } is called 
set of adornments forp if for alli,j such that 1 < i < j < n, CiAcj = false 
and VT=i c, i = true. 

A set of adornments partitions the domain for (some of) the integer 
variables of the predicate. 

Example 7. Let P be as in Example 2. The following are examples of sets 
of adornments: {$1 < 100, $1 > 100} and {($1 < -1000) V (-1 < $1 < 
1) V ($1 > 1000), -1000 < $1 < —1, 1 < $1 < 1000}. □ 

3.3 Program transformation 

The next question that should be answered is how the program should 
be transformed given a set of adornments. After this transformation 
p c (X\, . . . , X n ) will behave with respect to the transformed program ex- 
actly as p(X\, . . . ,X n ) does, for all calls that satisfy the condition c. 
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Intuitively, we replace each call to the predicate p in the original pro- 
gram by a number of possible calls in the transformed one. To define a 
transformation formally we introduce the following definition: 

Let H <— B±, . . . , B n be a rule. Bi, . . . , Bi, 1 < i < n, is called prefix 
of the rule, if for all j, 1 < j < i, Bj is an integer inequality and the only 
variables appearing in its arguments are variables of H. B±,...,Bi is 
called the maximal prefix of the rule, if it is a prefix and B±, . . . , Bi, Bi + \ 
is not a prefix. 

Observe, that since a prefix constrains only variables appearing in the 
head of a clause there exists a symbolic condition over the arguments 
of the predicate of the head, such that the prefix is its instance with 
respect to the head. Note, that in general, this symbolic condition is not 
necessarily unique. 

Example 8. Consider the following program: p(X, Y, Y) <— Y > 5. The 
only prefix of this rule is Y > 5. There are two symbolic conditions over 
the arguments of p, $2 > 5 and $3 > 5, such that Y > 5 is their instance 
with respect to p(X, Y,Y). □ 

The following notion, borrowed from [10], guarantees uniqueness of 
such symbolic conditions. In this case we say that the symbolic condition 
corresponds to the prefix. 

Definition 9. [10] A rule H *— B\, . . . , B n is called partially normalised 
if all integer argument positions in H are occupied by distinct variables 1 . 

We will also say that a program P is partially normalised if all the 
rules in P are partially normalised. After integer argument positions are 
identified a program can be easily rewritten to partially normalised form. 

Now we are ready to present the transformation formally. 

Definition 10. Let P be a program and let p be a predicate in it. Let 
A = U<yeP ^ e a se ^ of possible adornments for P. Then, the program 
P a , called adorned with respect to p, is obtained by two steps as following: 

1. For every rule r in P and for every subgoal q(t±, . . . , t n ), p ~ q, in r 

For every A G A q 

Replace q(t x , ...,t n ) by q A (h, ...,t n ). 

2. For every newly obtained rule r 

Are adornments and inequalities in the body of r consistent? * 
If not — reject the rule. 

1 If such a rule has only integer arguments Apt et al. [2] call it homogeneous. 
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If r defines some q, q ~ p 

Get as adornments of the head of r all A G A q , that are con- 
sistent with comparisons of the maximal prefix of r and adorn- 
ments of the body ofr. 

Example 9. Continue Example 2. The sets of adornments presented in 
Example 7 are used. With the first set of adornments in Example 7 we 
obtain the program: 

p U ^ 100 (X) <- X > 1,X < 1000, XI is - X * X,p $1 - W0 (Xl). 
p $1>W0 (X) <- X > 1,X < 1000, XI is - X * X,p $1 ^ 100 (Xl). 
p $1 - 100 (X) ^ X < -1,X > -1000, XI is X * X lP $1 - 100 (Xl). 
p $1 ^ W0 (X) ^ X < -1,X > -1000, XI is X * X,p $1>100 (Xl). 

If the second set of adornments is used, the following program is obtained: 
p K$i<iooopq <-X>l,X < 1000, XI is - X * X, 

p - 1000<$1 <-\xi). 

p 1<$1<1000 (X) i- X > 1, X < 1000, XI is - X * X, 
p($i<-iooo)v(-i<$i<i)v($i>iooo) (xi) 

p-KXXXSK-i^j i-x <-l,X > -1000, XI isX*X, 

p 1<$1 < W00 (Xl). 

p- 1000<Sl< - 1 (X) <- X < -1,X > -1000, XI isX*X, 
p($i<-iooo)v(-i<$i<i)v($i>iooo) (xi) 

□ 

Correctness of the transformation should be proved. First of all, finiteness 
of the number of clauses, the number of subgoals in a clause and the num- 
ber of elements in an adornment ensures that the transformation always 
terminates. Second, we need to prove that the transformation preserves 
termination. 

Adorning clauses introduces new predicates. This means that the 
query Q gives rise to a number of different queries. Clearly, termina- 
tion of all of these queries with respect to P a is equivalent to termination 
of Q with respect to P a augmented by a set of the clauses, such that 
for every p ~ rel(Q) and for every A G A p the clause p(X±, . . . , X n ) <— 
p A (Xi, . . . , X n ) is added. We call this extended program P ag . 

Lemma 1. Let P he a program, and let Q be a query. Let P ag be a 
program obtained as described above. Then, M\P a9 1(Q) C A4{P}(Q). 
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Proof. Proof is done similarly to [13]. Replace each call to adorned pred- 
icate p A in the body of clauses originating from P a by the correspond- 
ing call to p. Call the obtained program P a 9 w m Since P ag \ P a has a 
clause for every adornment in A p , every path in the LD-tree of Q w.r.t. 
P ag has a corresponding path in the LD-tree of Q w.r.t. P a 9 w . Thus, 
M\P a mQ)<ZM\P a 9 w \{Q). 

Similarly, every path in the LD-tree of Q w.r.t. p a 9 w has a corre- 
sponding path in the LD-tree of Q w.r.t. P. Indeed, every call to p on the 
path of the LD-tree of Q w.r.t. p a 9 w i s followed by calls to all adorned 
versions of p via rules originating from P ag \ P a , and subsequently to the 
rules of those predicates. However, in P these rules are directly defining 
P. Thus, M\P agw l{Q) C M\P\{Q). 

We conclude, that M\P a9 \{Q) C M\P\{Q). ■ 

The second direction of the containment depends on the consistency 
check strategy applied at the point marked by * in the definition of P a . 

Example 10. Let Q be p(X) and let P be the following program 

p{X) ^X>0, q{X),X < 0. q(X) <- X > 0,p(X). 

Predicates p and q are mutually recursive. Thus, both of them should be 
adorned. Let A p be {$1 > 0,$1 < 0} and A q be A q = {$1 > 0,$1 < 0}. 
The following program is obtained after the first step of the adorning 
process. 

p(X) ^X > 0,q $1>0 (X),X < 0. q(X) ^X > 0,p Sl>0 (X). 
p{X) ^X > 0,q $1 ^°(X),X < 0. q(X) ^X > 0,p Sl ^°(X). 

The second step of the adorning process should infer adornments for the 
heads of the clauses, possibly rejecting the inconsistent ones. If the infer- 
ence technique is eager, i.e., tries to use all the information it has in the 
body constraints and adornments of body subgoals, a program consisting 
only of one rule, namely q$ 1>0 (X) <— X > 0,p$ 1>0 (X), is obtained. Other 
clauses are rejected because inconsistency of the set of built-in compar- 
isons and adornments applied to the corresponding atoms is discovered. 
Thus, the extended program is the following one: 

q $1>0 (X)^X>0,p $1 > (X). 
q (X)^q $1 >°(X). p(X)^p $1 >°(X). 
q(X)^q $1 ^(X). p(X)^p $1 ^(X). 
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The query p{X) terminates with respect to this program, while it does 
not terminate with respect to the original one. This example shows that 
eager inference technique can actually improve termination. 

In order termination to be preserved a weaker inference engine should 
be used. For example, one can use an inference technique that considers 
inequalities only of the maximal prefix. If this technique is used, the 
following program is obtained after extension: 



The query p(X) does not terminate with respect to this program, just 
as it does not terminate with respect to the original one. The following 
lemma shows that if this weaker inference technique is used, termination 



Observe that it is known that unfolding preserves computed answer 
substitutions [3,4], thus in order to prove the second direction of the 
containment we have to prove that termination is preserved. Unlike the 
previous lemma that can be established for an arbitrary set of symbolic 
conditions, used as adornments, this lemma holds only sets of adornments 
as defined in Definition 8. 

Lemma 2. Let P be a program, and let Q be a query. Let P ag be a pro- 
gram obtained as described above with respect to a set of adornments and 
consistency checking with respect to maximal prefixes. Then, M. \P\ (Q) C 



Proof. Assume that Q terminates w.r.t. P a9 and does not terminate w.r.t. 
P. Let H <— Bi, . . . , B n be a clause in P, such that Q can be unified with 
H and the application of this rule starts an infinite branch in the LD-tree. 

In the resolution w.r.t. P ag the only clauses to be applied to resolve 
with Q are those of P a9 \P a . This will reduce the query to queries of the 
form q A (ti, . . . ,tk), where q A are adorned versions of the predicate q of 
Q and t±, . . . , are arguments of Q. 

First of all, we prove that for some adornment of q there exists an 
adorned variant of H «— B\ , . . . , B n exists in P a9 . For the sake of contra- 
diction assume that this does not hold, i.e., there is no possible adornment 
of atoms of predicates mutually recursive with rel(H) that is consistent 



p $i>0 (x) ^ X >0, q $1>0 (X), X < 0. 
q $1>0 (X)^X>0 lP $1>0 (X). 
q (X)^q $1 > (X). p(X)^p $1 >°(X). 





is preserved. 



□ 



M\p a n{Q). 
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with comparisons of the maximal prefix of the clause and with one of 
the possible adornments for rel(H). This verbal description above can be 
rewritten in the following way: 

false = A&CkBuk . . . kB nl 

false = A n kCkB lmi k . . . &B nmn 

where A\, . . . , A n are all possible adornments for rel(H), C is a conjunc- 
tion of comparisons of the maximal prefix of the clause and Bn,..., B nnin 
are all possible adornments for the atoms of predicates mutually recursive 
with rel(H) and appearing in the body of the clause. Disjunction of these 
conjunctions is, on the one hand, fa.be and on the other hand, C (since 
A p is complete). Thus, C = false. 

Observe, that comparisons of the maximal prefix are not affected by 
the transformation. Thus, the body of the clause above starts with a 
sequence of inconsistent comparisons. Since comparisons are part of the 
maximal prefix, inconsistency will be discovered before any atom other 
than a comparison is reached. Thus, any application of this clause will 
cause a failure and it cannot start an infinite branch of the LD-tree. 
Thus, the adorned version of H <— B±, . . . , B n exists in P a9 . Let H' <— 
B[,...,B' n be this adorned version, where B[ denotes either an adorned 
version of Bi, if Bi was adorned, and is identical to Bi otherwise. 

Let Bj be the first (while going from left to right) adorned atom in 
the clause body. Since transformation does not affect the preceding body 
atoms the corresponding queries are identical w.r.t. P and w.r.t. P ag . Let 
Q'j be a query corresponding to Bj, and let Qj be a query corresponding 
to Qj. We have to prove that Qj terminates. 

Assume that Qj does not terminate. Let G <— ... be a clause in P, 
such that Qj is resolved with on the infinite branch of the LD-tree. By the 
previous claim there is an adorned version of this clause that belongs to 
P ag . If there is no adorned version of this clause with the adornment of Q'j 
then by reasoning similar to above one can conclude that this adornment 
is inconsistent with the comparisons of the maximal prefix. Since those are 
not affected by the transformation and are identical in the clause of P and 
in the corresponding clause of P ag . Thus, any application of this clause 
will cause a failure and it cannot continue an infinite branch of the LD- 
tree. This means, that there exists an adorned variant of the clause, such 
that its head can be unified with Q'-. Since computed answer substitutions 
of queries with respect to P and of P ag are identical (follows from the 
fact that unfolding preserves computed answer substitutions [11]) the 



12 



same reasoning can be done for any of the subsequent calls and clauses, 
i.e., we will mimic the resolution started by Qj w.r.t. P by a resolution 
that is started by Qj w.r.t. P ag . Since any resolution of Qj w.r.t. P ag is 
finite, contradiction to the assumption is obtained. 

Since computed answers are preserved the same claim can be proved 
also for the queries, originating from other atoms that Bj, thus, complet- 
ing the proof. ■ 

The following theorem summarises lemmas above, for the case of max- 
imal prefixes. 

Theorem 2. Let P be a program, let Q be a query and let A be a set 
of adornments. Let P ag be a program obtained as described above with 
respect to A. Then, M\P\{Q) = M[P a9 \{Q). 

This theorem has two corollaries. The first one establishes a relation 
between the termination condition and the adornments and the second 
one allows to reason on the termination with respect to the original pro- 
gram P. 

Corollary 1. Let P be a program, let Q be a query and let A be a set of 

adornments. Let 

A = {a | a G A, for all q rel(Q) a □ q, q is not recursive in P a }. 
Then VaeA ^ s a termination condition for P. 

Example 11. Continue Example 9. In the program obtained with respect 
to the second set of adornments, predicate p($i<-iooo)v(-i<$i<i)v($i>iooo) 
satisfies the Corollary. Thus, ($1 < -1000) V(-l < $1 < 1) V($l > 1000) 
is a termination condition for p(X) with respect to the program presented 
in Example 2. □ 

Theorem 2 implies that a program P is LD-terminating with respect 
to all queries in a set of atomic queries S if and only if P ag , constructed as 
above, is acceptable with respect to S. However, the later one is equivalent 
to acceptability of P a with respect to {q A (t\, . . . , t n ) \ q(t\,...,t n ) E 
S,AeA q }. 

Corollary 2. Let P be a program, let S be a set of atomic queries and let 
A = Ug e (s) q~rel(Q) ^ e a se ^ °f adornments. Let P a be obtained with 
respect to A. Then, P is LD-terminating with respect to all queries in S if 
and only if P a is acceptable with respect to {q A {t\, . . . , t n ) \ p(t\, . . . , t n ) G 
S,AeA q }. 
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This corollary allows to complete the termination proof for Example 2. 



Example 12. The transformed program P a (with respect to { — 1000 < 
$1 < -1, 1 < $1 < 1000, ($1 < -1000) V (-1 < $1 < 1) V ($1 > 1000)}) 
is presented in Example 9. We prove acceptability of P a with respect to 
the set S = {pi<«Kiooo (X ) ; p -iooo<$i<-i (x) j 

p($i<-iooo)v(-i<$i<i)v($i>iooo) (X )}. Theri) s = Call(P a ,S). Let | ■ | be 
the level mapping, defined as follows: 

iooo<$i<-i/^| _ flOOO + Xif - 1000 <X<-1 



p -1000<$K-lpq 



otherwise 



| KSKiooo/jn i = f iooo - X if 1< X < 1000 
[0 otherwise 

| p ($l<-1000)V(-l<$l<l)V($l>1000) ( X ) | _q 

We are not going to prove completely that P a is acceptable with respect 
to S via | • |, but restrict ourselves only for one call, p 1<$1<100 ° (X) . 
There are two clauses — the first and the second one — such that their heads 
can be unified with p 1<: ® 1<1000 (X) . The second clause is not recursive 
and the condition holds vacuously. The first clause is recursive and the 
acceptability requires 1000 - X > 1000 + XI, where X > 1,X < 1000 
and XI = —X 2 . Substituting the last equality and simplifying one gets 
X 2 > X, that is true for X > 1. Other calls are solved similarly. □ 



4 Practical issues 



In the previous section we have shown the transformation that allows 
reasoning on termination of the numerical computations in the framework 
of acceptability with respect to the set. In this section we discuss a number 
of practical issues to be considered for an automated termination analysis. 



4.1 Guard-tuned sets of adornments 

In Example 7 we have seen two different sets of adornments. Both of them 
are valid according to Definition 8. However, {—1000 < $1 < —1, 1 < 
$1 < 1000, ($1 < -1000) V (-1 < $1 < 1) V ($1 > 1000)} is in some sense 
preferable to {$1 < 100, $1 > 100}. There is a number of reasons to prefer 
the first set to the second one. First of all, it has a declarative reading: 
the sets that are constructed are related to the constraints in the bodies 
of the clauses and in fact express conditions that, when satisfied, allow 
to traverse the rule. Second, comparing the two adorned programs in 
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Example 9 one might observe that the second program has two mutually 
recursive predicates, connected by two clauses, while the first program 
has not only this connection, but also self-loop on one of the predicates. 

Intuitively, a set of adornments of a predicate p is guard-tuned if for 
every adornment a in it and every clause c of the program defining p 
the conjunction of the maximal prefix of c and a is either false or the 
conjunction is identical to a. We will see that the set of adornments we 
preferred in the discussion above is guard-tuned, while the second set is 
not. 

Definition 11. Let P be a partially normalised program, let p be a pred- 
icate in P, and let A p be a set of adornments for p. We say that A p 
is guard-tuned if for every A £ A p and for every rule r € P with the 
symbolic condition c corresponding to the maximal prefix of r holds that 
either c A A = false or c A A = A. 

Example 13. Consider the sets of adornments presented in Example 7. 
The first set of adornments is not guard-tuned while the second one is 
guard-tuned. □ 



4.2 How to construct a guard-tuned set of adornments? 

In this subsection we present a technique allowing to construct a guard- 
tuned set of adornments for a predicate p given a program P. To do so, 
recall once more Examples 7 and 13. They suggest two ways of construct- 
ing such a set. The first one is: given a program P collect the symbolic 
conditions, corresponding to the maximal prefixes of the rules defining p 
(we denote this set C p ) and add the completion of the constructed dis- 
junction. Unfortunately, this set of conditions is not necessarily a set of 
adornments and if so, it is not necessary guard-tuned. 

Example 14- Consider the following program. 

r{X) <- X > 5. 

r(X) ^X > 10,r{X). 

Two sets of symbolic conditions can be constructed in the way described 
above: {r $1 - 5 , r $1>5 5 r Si>io j w j 1 j c ] 1 j s no t a se t of adornments and {r $1 - 5 , 
r $i>5| w hi c h i s no t guard-tuned due to the second rule of the program. 
□ 
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Thus, we are going to use a different approach. Once more, we start 
by finding C p . Let C p = c\, . . . , c n , then let A p be the set of conjunctions 
of Cj's and their negations. We claim that the constructed set is always 
a guard-tuned set of adornments. Before stating this formally, consider 
once more Example 14. 

Example 15. In this case, the symbolic conditions corresponding to the 
maximal prefixes of the rules are $1 > 5 and $1 > 10. Thus, the adorn- 
ments are: $1 > 5 A $1 > 10, $1 < 5 A $1 > 10, $1 > 5 A $1 < 10, $1 < 
5 A $1 < 10. After simplifying and removing the inconsistent conjuncts: 
$1 > 10, $1 > 5A$1 < 10, $1 < 5. □ 

Lemma 3. Let P be a program, p be a predicate in P and A p be con- 
structed as described. Then A p is a guard-tuned set of adornments. 

Proof. The proof is immediate by checking the definitions ■ 



4.3 How to define a level mapping? 

One of the questions that should be answered is how the level mappings 
should be generated automatically. The problem with defining level map- 
pings is that they should reflect changes on possibly negative integer 
arguments, on the one hand, and remain non-negative, on the other. We 
also like to remain in the framework of level mappings on atoms defined 
as linear combinations of sizes of their arguments. 

We are going to solve this problem by defining different level mappings 
for different adorned versions of the predicate. The major observation 
underlying the technique presented in this subsection is that if $1 > $2 
appears in the adornment of a recursive clause, then for each call to this 
adorned predicate $1 — $2 will be positive, and thus, can be used for 
defining a level mapping. More formally: 

Definition 12. Let p El p E2 be an adorned predicate, where E\ and E2 
are expressions and p £ {>,>}. The primitive level mappingis defined 
as: 

f (E 1 -E 2 )(t u ...,t n ) if E 1 (t 1 ,...,t n )pE 2 (t 1 ,...,t n ) 
1 otherwise 

In most of the examples more than one conjunct will appear in the adorn- 
ment. In this case the level mapping is defined as a linear combination of 
primitive level mappings corresponding to the conjuncts. Some of the con- 
juncts may actually be disjunctions — they are ignored, since disjunctions 
can be introduced only by the fact the some rule cannot be applied. 
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Definition 13. Let p c be an adorned predicate, The natural level map- 
ping is defined as: 

\p c {t 1 ,...,t n ) | = c E lP E 2 \p ElpE2 (tl,...,t n )\P r , 
Ei p E2&c 

where c's are natural coefficients, E\ and E2 are expressions and p € {> 
,>}■ 

Example 16. The level mappings used in Example 12 are natural level 
mappings with the following coefficients: c$i >1 = 0, c$ 1<10 oo = 1) c $i<-i = 
0, c $1> _ 100 o = 1. For p («i<-iooo)v(-i<$i<i)v($i>iooo) the definition ho i ds 

trivially. □ 

Technique developed by Decorte et aJ. [9] allows to define symbolic 
counterparts of the level mappings and to infer the actual values of the 
coefficients by solving a system of constraints. 



4.4 Putting it all together and inferring termination 
constraints 

In this section we show how the steps studied so far can be combined to 
an algorithm that allows to infer termination conditions. Intuitively, one 
starts with a termination condition initialised to be true, i.e., assuming 
that query Q terminates with respect to a program P for all possible 
values of integer arguments. Constraints are constructed similarly to [9]. 
If these can be satisfied without imposing any additional constraints on 
the integer variables, stop and report termination for the condition con- 
structed so far. If these impose some constraints involving a new integer 
variable, repeat the process. If neither of the cases hold, stop and report 
possibility of non-termination. 

Any other technique proving termination and being able not only to 
claim "termination can be proved" or "termination cannot be proved" but 
also providing in the latter case some constraint that, if satisfied, implies 
termination can be used instead of [9]. The algorithm is presented in 

WSfflfpfls- 17. Consider the following program. 

q(X, Y) «- X >Y,Z isX -Y, Yl is Y + l, q(Z, Yl). 

We are interested in finding values of X and Y such that q(X, Y) ter- 
minates. The first step of our algorithm is inferring the sets of adorn- 
ments. There is only one inequality in the clause, i.e., X > Y. The cor- 
responding symbolic constraint is $1 > $2. Thus, the inferred adornment 
is {$1 > $2,$1 < $2}. 
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Let P be a partially normalised program, let Q be a query and let q be rel(Q). 

1. Initialise the termination condition c to be true. 

2. For each p ~ q construct A p . 

3. Adorn P w.r.t. q and U p ~ q -4p- 

4. Remove "irrelevant clauses" 

Let A\ , . . . , A n 6 A q be the only adornments of q 
that are consistent with c. 
For every rule r in P a 

If for all i, q A * g reJ(iTead(r)) 
Remove r from P a 

5. Define a symbolic counterparts of norms, 
level mappings and interargument relations. 

6. Construct constraints on the symbolic variables. Obtain S. 

7. Solve S. 

(a) Solution of S doesn't produce extra constraints on variables. 

Report termination for the condition constructed so far. 

(b) Solution of S produces extra constraints involving new integer variables. 

Add these constraints to termination condition. 
Go back to step 2. 

(c) Otherwise report possibility of non-termination. 



Fig. 1. Termination Inference Algorithm 



The adorned version of this program is 

q $1>$2 (X, Y) <- X >Y,Z is X -Y, Yl is Y + l, q $1>$2 (Z, Yl). 
q $1>$2 (X, Y) <- X >Y,Z is X -Y, Yl is Y+l, q $1 ^ $2 (Z, Yl). 

There is no clause defining q ^<^ 2 . By Corollary 1, $1 < $2 is a ter- 
mination condition. The recursive clause is analysed further. The level 
mapping is 



q $1>$2 (X,Y) |=c $1>$2 * 



X-Yif X > Y 
otherwise 



The acceptability decrease implies (see [9]): 

c $l>$2 

(X-Y)> 

c $l>$2 

(X-Y)-c $l>$2 Y, 

that is c$i > $2^" > 0. Since c$i>$2 > 0, Y > should hold. Now we restart 
the whole process with respect to Y > 0. The following adorned program 
is obtained: 

q 9l>S2 ' 92>0 (X,Y) <- X >Y,Z isX -Y,Yl isY + l,q $1>$2 ' $2>0 (Z,Yl) 
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g $1>$2 ' $2 ^°(X,y) <- X > Y,Z isX - Y,Y1 isY + l,q $1>$2 ^°(Z,Yl) 
q 9l> * 2 >* 2 ^°(X,Y) <- X > Y,Z isX - Y,Y1 isY + l,q $1 ^ $2 ' $2 ^°(Z,Yl) 

Our assumption is that $2 > 0. The second and the third clauses 
are "irrelevant" with respect to it. Thus, the only clause that should be 
analysed is the first one. The level mapping is thus, redefined as 



_$1>$2 



, vv v,_ (X-YiiX>Y (YifY>0 

{X, Y) | - c $1>$2 * | Q otherwige + c$ 2 >o * | otherwise 

Acceptability decreases imply that 

c$i>$ 2 (^ -Y) + c $2>0 Y > c $1>$2 ((X -Y)-Y) + c $2>0 (Y + 1), 

i.e., c$ 1> $ 2 y > c$ 2 >o- Since Y is assumed to be positive this can be sat- 
isfied by taking c$ 1> $ 2 = 1 and c$ 2 >o = 0. This solution does not impose 
additional constraints on integer variables. Thus, the analysis terminates 
reporting $1 < $2 V ($1 > $2 A $2 > 0) as a termination condition. □ 

In order to prove correctness of this algorithm we have to prove its 
termination and partial correctness, i.e., that the symbolic condition con- 
structed is a termination condition. Termination of the algorithm follows 
from termination of its steps discussed earlier and from the finiteness of 
the number of integer variables, restricting a number of possible jumps. 
Partial correctness follows from the correctness of transformations and 
the corresponding result of [9]. Observe that after removing "irrelevant 
clauses" the non-terminating (for some query) program might became 
terminating for it. However, this transformation expresses the meaning 
of termination condition: if c holds, clauses defining predicates such that 
their adornments are inconsistent with c can not be unified with Q. Ob- 
serve also, that at the first traversal of the algorithm (c = true), if P does 
not have an unreachable code, this step does not change P a . 



5 Further extensions 

In this section we discuss possible extensions of the algorithm presented 
above. First of all we re-consider inference of adornments, then we discuss 
integrating termination analysis of numerical and symbolic computations. 



5.1 Once more about the inference of adornments 

The set of adornments A p , inferred in Subsection 4.2 may sometimes 
be to week for inferring precise termination conditions, as the following 
example illustrates. 
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Example 18. Consider the following program: 

p(X,Y) <- X < 0,Y1 isY + l,p(Yl,X). 

The maximal prefix of the rule above is X < 0, thus, A p = {$1 < 0, $1 > 
0}. The only termination condition that will be found is $1 > 0, while 
the precise termination condition is $1 > V ($1 < A $2 > —1). □ 

The problem occured due to the fact that A p restricts only some sub- 
set of integer argument positions, while for the termination proof infor- 
mation on integer arguments outside of this subset may be needed. Thus, 
we need to infer information on some variables, given some information 
on some other variables. 

Definition 14. Let P be a program, let p be a predicate in P, let C q be a 

set of symbolic constraints over the integer argument positions of q, and 
C = UgfzpCq. A symbolic constraint c over the integer argument positions 
of p is called an extension of C if exists r G P, defining p, such that some 
integer argument position denominator appearing in c does not appear in 
C p , and c is implied by some c q G C q for the recursive subgoals and some 
interargument relations for the non-recursive ones. 

Let C be a set of symbolic constraints over the integer argument positions 
of p and let (f(C) be C U {c | c is an extension of C}. Define the set of 
adornments for p as {c[ A . . . A d n \ G ¥>*(C P ) or -icj G ip*(C p )}, where 
ip* (C) is a fixpoint of powers of 92 and C p is defined as in Subsection 4.2. 

Example 19. Consider once more Example 18. Symbolic comparison $1 < 
A $2 < -1 is the only extension of C p = {$1 < 0}, i.e., (p(C p ) = {$1 < 
0, $1 < 0A$2 < —1}. All integer argument positions denominators already 
appear in <p(C p ). Thus, tp*{C p ) = <~p(C p ) and the set of adornments is 
{$1 < A $2 < -1, ($1 < A $2 > -1) V $1 > 0}. □ 

An alternative approach to propagating such an information was sug- 
gested in [10]. To capture interaction between the variables a graph was 
constructed with integer argument positions as vertices and a "can influence" - 
relation as edges. This allows to propagate the existing adornments but 
not to infer the new ones and thus, is less precise than the approach 
presented in this subsection. 

5.2 Integrating numerical and symbolic computation 

As already claimed in the Introduction numerical computations form an 
essential part of almost any real- world program. Sometimes, such compu- 
tation is "pure numerical" , that is does not involve any reasoning on the 
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symbolic level, such as in the examples above. However, sometimes nu- 
merical computation is interleaved with a symbolic one as illustrated by 
the following example, collecting leaves of a tree with a variable branching 
factor, being a common data structure in natural language processing [15]. 

Example 20. 

collect(X, [X\L],L) <- atomic(X). 

collect(T, LO, L) «- compound(T), functor (T, _, A), 

process(T,0,A,LO,L). 
process(- } A, A, L, L). 

process(T, I, A, LO, L2) «- I < A, II is I + 1, arg(Il,T, Arg), 
collect(Arg, LO, LI), process(T, II, A, LI, L2). 

To prove termination of queries {collect(t,v, [])}, where t is a tree and v 
is a variable, the following three decreases should be shown: between a 
call to collect and a call to process in the second clause, between a call 
to process and a call to collect in the fourth one and between two calls 
to process in the same clause. The first and the second decreases can 
be shown only by a symbolic level mapping, the third one — only by the 
numerical approach. □ 

Thus, our goal is to combine the existing symbolic approaches with 
the numerical one presented so far. One of the possible ways to do so is to 
combine two level mappings, | • |i and | • (2, for example, by mapping each 
atom A 6 Bp to a pair of natural numbers (\A \i,\A I2). Then an ordering 
relation on the atoms can be defined, based on the lexicographic ordering 
of such pairs. Well-foundedness of the natural numbers implies that this 
ordering is well-founded and the framework of term-acceptability [18], 
allows to reason on termination of programs in terms of decreases on 
such orderings. 

Example 21. Continue Example 20. Let <p : Bp — > (A/U7V 2 ) be a following 
mapping: ip (collect (t,l0, 1)) = \\t\\, tp(process(t,i,a,lO,l)) = (\\t\\,a — i) 
where || • || is a term-size norm. Then, the three decreases are satisfied 
with respect to >, such that A\ > A2 if and only if ip(A\) >- tp^Az), 
where >- is the lexicographic ordering on M U TV 2 . □ 

This integrated approach allows to analyse correctly examples such 
as ground, unify, numbervars [19] and Example 6.12 in [10]. Moreover, 
some numerical examples, such as Ackermann's function, that cannot be 
analysed by extending [9] due to the limitations of level mappings defined 
as linear combinations, can be analysed by the integrated approach. 
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6 Conclusion 



Termination of numerical computations was studied by a number of au- 
thors [1, 2, 10]. Apt et al. [2] provided a declarative semantics, so called O- 
semantics, for Prolog programs with first-order built-in, including arith- 
metic operations. In this framework the property of strong termination, 
i.e., finiteness of all LD-trees for all possible goals, was completely char- 
acterised based on appropriately tuned notion of acceptability. This ap- 
proach provides important theoretical results, but seems to be difficult 
to integrate in automatic tools. In [1] it is claimed that an unchanged 
acceptability condition can be applied to programs in pure Prolog with 
arithmetic by defining the level mappings on ground atoms with the arith- 
metic relation to be zero. This approach ignores the actual computation, 
and thus, its applicability is restricted to programs using some arith- 
metics but not really relaying on them, such as quicksort. Moreover, as 
Example 17 illustrates there are many programs that terminate only for 
some queries. Alternatively, Dershowitz et al. [10] extended the query- 
mapping pairs formalism of [12] to deal with numerical computations. 
However, this approach inherited the disadvantages of [12], such as high 
computational price, as well. 

More research has been done on termination analysis for constraint 
logic programs [5, 14, 16, 17]. Since numerical computations in Prolog should 
be written in a way that allows a system to verify their satisfiability we 
can see numerical computations of Prolog as an ideal constraint system. 
Thus, all the results obtained for ideal constraints systems can be ap- 
plied. Unfortunately, the research was either oriented towards theoretical 
characterisations [16, 17] or restricted to domains isomorphic to M, such 
as trees and terms [14]. 

In a contrast to the approach of [10] that was restricted to verifying 
termination, we presented a methodology for inferring termination condi- 
tions. It is not clear whether and how [10] can be extended to infer such 
conditions. A main contribution of this work to the theoretical under- 
standing of termination of numerical computations is in situating them 
in the well-known framework of acceptability and allowing integration 
with the existing approaches to termination of symbolic computations. 
The methodology presented can be integrated in automatic termination 
analysers, such as [9]. 

The kernel technique is powerful enough to analyse correctly exam- 
ples such as gcd and mod [10], all examples appearing in the dedicated 
to arithmetic Chapter 8 of [19], also being a superset of arithmetical ex- 
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amples appearing in [1]. Moreover, our approach gains its power from the 
underlying framework of [9] and thus, allows to prove termination of some 
examples that cannot be analysed correctly by [10], similar to confused 
delete [6,9]. The extended technique, presented in Section 5, allows to 
analyse correctly examples such as Ackermann's function, ground, unify, 
numbervars [19] and Example 6.12 in [10]. 

As a future work we consider a complete implementation of the algo- 
rithm. Due to the use of the constraint solving techniques we expect it 
both to be powerful and highly efficient. 
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